CVE-2020-6496
📋 TL;DR
This is a use-after-free vulnerability in Google Chrome's payments component on macOS that allows a remote attacker to potentially escape Chrome's sandbox via a crafted HTML page. It affects Chrome users on macOS who haven't updated to version 83.0.4103.97 or later.
💻 Affected Systems
- Google Chrome
📦 What is this software?
Backports Sle by Opensuse
Chrome by Google
Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...
Learn more about Chrome →Leap by Opensuse
⚠️ Risk & Real-World Impact
Worst Case
An attacker could execute arbitrary code outside Chrome's sandbox, potentially gaining full system access on the compromised macOS device.
Likely Case
An attacker could execute code with higher privileges than Chrome's sandbox normally allows, potentially accessing sensitive system resources or user data.
If Mitigated
With proper controls like updated Chrome versions and restricted browsing, the impact is limited to Chrome's sandbox environment only.
🎯 Exploit Status
Exploitation requires user interaction (visiting a malicious webpage) but no authentication. The bug report suggests the vulnerability was discovered internally.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 83.0.4103.97
Vendor Advisory: https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop.html
Restart Required: Yes
Instructions:
1. Open Chrome. 2. Click the three-dot menu → Help → About Google Chrome. 3. Chrome will automatically check for and install updates. 4. Click 'Relaunch' to restart Chrome with the updated version.
🔧 Temporary Workarounds
Disable automatic payments
allTemporarily disable Chrome's payment features to reduce attack surface
chrome://settings/payments → Toggle off 'Save and fill payment methods'
Use alternative browser
allSwitch to an updated, non-vulnerable browser until Chrome is patched
🧯 If You Can't Patch
- Restrict browsing to trusted websites only
- Implement network filtering to block malicious domains and suspicious HTML content
🔍 How to Verify
Check if Vulnerable:
Check Chrome version: Open Chrome → Click three-dot menu → Help → About Google Chrome. If version is below 83.0.4103.97, it's vulnerable.Check Version:
On macOS terminal: /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --versionVerify Fix Applied:
After updating, verify Chrome version shows 83.0.4103.97 or higher in About Google Chrome.📡 Detection & Monitoring
Log Indicators:
- Chrome crash reports with memory corruption signatures
- Unexpected Chrome process spawning with elevated privileges
Network Indicators:
- HTTP requests to known malicious domains hosting exploit code
- Unusual outbound connections from Chrome processes
SIEM Query:
source="chrome_logs" AND (event_type="crash" OR process_name="Google Chrome" AND parent_process!="launchd")🔗 References
- http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00034.html
- http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00038.html
- https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop.html
- https://crbug.com/1085990
- https://security.gentoo.org/glsa/202006-02
- https://www.debian.org/security/2020/dsa-4714
- http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00034.html
- http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00038.html
- https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop.html
- https://crbug.com/1085990
- https://security.gentoo.org/glsa/202006-02
- https://www.debian.org/security/2020/dsa-4714
